November 30, 2011

Spanish brickie finds Facebook hacking flaw

Inteco issued a warning to web users about the risk
A Spanish builder stumbled on an online loophole that enables users to send Facebook messages in other users' names, prompting an alert by authorities, he said Wednesday.

A Spanish builder stumbled on an online loophole that enables users to send Facebook messages in other users' names, prompting an alert by authorities, he said Wednesday.

Spain's said it had alerted the US online networking site after Alfredo Arias, 37, warned them of the that allows a hacker to use e-mail addresses when sending spoof messages.

Arias found that anyone who knows how to create an online messaging form -- a simple procedure for a website designer -- can enter another person's e-mail address in the "sender" field and send a message as if it were from them.

The procedure is a common trick of online frauds, but Spain's government Internet watchdog Inteco said it was concerned to see that Facebook's e-mail service did not have safeguards to stop its addresses being misused this way.

"It is very easy. You only have to know how to create a web page to do it," Arias, from the northern Spanish city of Leon, told AFP.

He said he alerted the institute and published details of how to carry out the procedure on his blog.

Inteco issued a warning to about the risk.

"We issued this message when we heard of this concrete case," a spokeswoman for the institute told AFP, adding that it had alerted Facebook.

"While the problem is common to all e-mail services, on Facebook it takes on a bigger dimension by linking in to the online ," said a warning to web users published by Inteco's Bureau.

"This flaw could be used by ill-intentioned users for example to pass themselves off as a friend of the victim and invite them to visit malicious web pages or download untrustworthy applications."

Separately, US authorities said Tuesday that Facebook agreed to tighten its privacy policies and submit to external audits in order to settle charges that it abused users' personal data.

That deal settled two-year-old accusations that Facebook -- which has some 800 million users -- had allowed advertisers access to users' personal data when users were told it was being kept private.

(c) 2011 AFP

Citation: Spanish brickie finds Facebook hacking flaw (2011, November 30) retrieved 23 April 2024 from https://phys.org/news/2011-11-spanish-brickie-facebook-hacking-flaw.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Explore further

Facebook messaging poses risks for users: watchdog
0 shares

Feedback to editors

Relevant PhysicsForums posts

Flipped RGB colours in a TV

1 hour ago

Fixing Linux kernel not found

Apr 16, 2024

Is an invisible LED mouse more accurate than one with a red LED?

Apr 15, 2024

AI In Actual Use

Apr 13, 2024

Does anyone make zero-flicker computer monitors?

Apr 13, 2024

Artificial Intelligence in Video

Apr 11, 2024

More from Computing and Technology

Load comments (0)